expressjs/express (express)
### [`v4.20.0`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4200--2024-09-10)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.2...4.20.0)
\==========
- deps: serve-static@0.16.0
- Remove link renderization in html while redirecting
- deps: send@0.19.0
- Remove link renderization in html while redirecting
- deps: body-parser@0.6.0
- add `depth` option to customize the depth level in the parser
- IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
- Remove link renderization in html while using `res.redirect`
- deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
- deps: encodeurl@~2.0.0
- Removes encoding of `\`, `|`, and `^` to align better with URL spec
- Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie`
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
### [`v4.19.2`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4192--2024-03-25)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.1...4.19.2)
\==========
- Improved fix for open redirect allow list bypass
### [`v4.19.1`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4191--2024-03-20)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.0...4.19.1)
\==========
- Allow passing non-strings to res.location with new encoding handling checks
### [`v4.19.0`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4190--2024-03-20)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.18.3...4.19.0)
\==========
- Prevent open redirect allow list bypass due to encodeurl
- deps: cookie@0.6.0
### [`v4.18.3`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4183--2024-02-29)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.18.2...4.18.3)
\==========
- Fix routing requests without method
- deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
- deps: cookie@0.6.0
- Add `partitioned` option
### [`v4.18.2`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4182--2022-10-08)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.18.1...4.18.2)
\===================
- Fix regression routing a large stack in a single route
- deps: body-parser@1.20.1
- deps: qs@6.11.0
- perf: remove unnecessary object clone
- deps: qs@6.11.0
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
4.18.1->4.20.0By merging this PR, the issue #6 will be automatically resolved and closed:
Release Notes
expressjs/express (express)
### [`v4.20.0`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4200--2024-09-10) [Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.2...4.20.0) \========== - deps: serve-static@0.16.0 - Remove link renderization in html while redirecting - deps: send@0.19.0 - Remove link renderization in html while redirecting - deps: body-parser@0.6.0 - add `depth` option to customize the depth level in the parser - IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`) - Remove link renderization in html while using `res.redirect` - deps: path-to-regexp@0.1.10 - Adds support for named matching groups in the routes using a regex - Adds backtracking protection to parameters without regexes defined - deps: encodeurl@~2.0.0 - Removes encoding of `\`, `|`, and `^` to align better with URL spec - Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie` - Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie ### [`v4.19.2`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4192--2024-03-25) [Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.1...4.19.2) \========== - Improved fix for open redirect allow list bypass ### [`v4.19.1`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4191--2024-03-20) [Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.0...4.19.1) \========== - Allow passing non-strings to res.location with new encoding handling checks ### [`v4.19.0`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4190--2024-03-20) [Compare Source](https://redirect.github.com/expressjs/express/compare/4.18.3...4.19.0) \========== - Prevent open redirect allow list bypass due to encodeurl - deps: cookie@0.6.0 ### [`v4.18.3`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4183--2024-02-29) [Compare Source](https://redirect.github.com/expressjs/express/compare/4.18.2...4.18.3) \========== - Fix routing requests without method - deps: body-parser@1.20.2 - Fix strict json error message on Node.js 19+ - deps: content-type@~1.0.5 - deps: raw-body@2.5.2 - deps: cookie@0.6.0 - Add `partitioned` option ### [`v4.18.2`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4182--2022-10-08) [Compare Source](https://redirect.github.com/expressjs/express/compare/4.18.1...4.18.2) \=================== - Fix regression routing a large stack in a single route - deps: body-parser@1.20.1 - deps: qs@6.11.0 - perf: remove unnecessary object clone - deps: qs@6.11.0